From d47611e6fbb808ea109366781dd76559ffb80bcd Mon Sep 17 00:00:00 2001
From: wiredfool
Date: Wed, 6 Aug 2014 16:42:43 -0700
Subject: [PATCH] Icns DOS fix -- CVE-2014-3589

Found and reported by Andrew Drake of dropbox.com
---
 PIL/IcnsImagePlugin.py  |  2 ++
 Tests/check_icns_dos.py | 10 ++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 Tests/check_icns_dos.py

diff --git a/PIL/IcnsImagePlugin.py b/PIL/IcnsImagePlugin.py
index 6951c9325..ca7a14931 100644
--- a/PIL/IcnsImagePlugin.py
+++ b/PIL/IcnsImagePlugin.py
@@ -179,6 +179,8 @@ class IcnsFile:
         i = HEADERSIZE
         while i < filesize:
             sig, blocksize = nextheader(fobj)
+            if blocksize <= 0:
+                raise SyntaxError('invalid block header')
             i += HEADERSIZE
             blocksize -= HEADERSIZE
             dct[sig] = (i, blocksize)
diff --git a/Tests/check_icns_dos.py b/Tests/check_icns_dos.py
new file mode 100644
index 000000000..ce6338a71
--- /dev/null
+++ b/Tests/check_icns_dos.py
@@ -0,0 +1,10 @@
+# Tests potential DOS of IcnsImagePlugin with 0 length block.
+# Run from anywhere that PIL is importable.
+
+from PIL import Image
+from io import BytesIO
+
+if bytes is str:
+    Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00')))
+else:
+    Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00', 'latin-1')))
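Review bot: The added guard rejects only zero and negative sizes, so a crafted blocksize of 1–7 still passes it and turns negative at `blocksize -= HEADERSIZE` two lines later, after which a negative length is stored in `dct[sig]` for that block; if the loop body then seeks by that value (the seek is outside the hunk) the reader moves backwards over bytes it has already parsed instead of advancing past a block. Tightening the check to `if blocksize < HEADERSIZE:` keeps the CVE fix, still allows an empty 8-byte block, and additionally rejects a header that claims to be shorter than itself. A bogus top-level `filesize` is not validated here either, but that is outside this hunk. The enclosing method of `IcnsFile` starts and ends outside the hunk.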
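Review bot: The new script never asserts an outcome: it only calls `Image.open` on the crafted file, so a regression would hang or silently succeed rather than fail, and a successful open passes just the same. Requiring the expected exception turns it into a test; I believe `Image.open` swallows a plugin's `SyntaxError` while probing formats and reports an `IOError` instead, which is not visible here, so catching both is the safe choice. A `b'...'` literal is valid on every interpreter where the `bytes is str` split matters, so the two branches can collapse into one. A second fixture with a block size in the 1–7 range would also cover the boundary the `<= 0` check leaves open.
```python
from PIL import Image
from io import BytesIO

# 16-byte file: 'icns' header, then a block header claiming 0 bytes.
data = b'icns\x00\x00\x00\x10hang\x00\x00\x00\x00'
try:
    Image.open(BytesIO(data))
except (SyntaxError, IOError):
    pass
else:
    raise AssertionError('malformed icns block was accepted')
```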